如何使用自定义登录表单比较 Laravel 的哈希密码?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26648201/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to compare Laravel's hash password using a custom login form?
提问by Jerielle
Can you help me with this? I am building my own login form using Laravel. But I have a problem because I stored my password using Hash method and in my login form I used hash method again to compare. But I found out that the hash value is always changing.
你能帮我解决这个问题吗?我正在使用 Laravel 构建我自己的登录表单。但是我有一个问题,因为我使用哈希方法存储了我的密码,并且在我的登录表单中我再次使用了哈希方法进行比较。但是我发现哈希值总是在变化。
Here's my code in routes:
这是我的路线代码:
Route::post('/admin_handle_login', function()
{
$rules = array(
'admin_username' => 'required',
'admin_password' => 'required'
);
$validate_admin_login = Validator::make(Input::all(), $rules);
if($validate_admin_login->fails()) {
$messages = $validate_admin_login->messages();
Session::flash('warning_notification','Error: Incomplete details!');
return Redirect::to('/flaxadmin')
->withErrors($messages)
->withInput(Input::except('admin_password'));
} else {
$d = array(
Input::get('admin_username'), Hash::make(Input::get('admin_password'))
);
$validate_admin = DB::table('administrators')
->select('username')
->where('username', Input::get('admin_username'))
->where('password', Hash::check('password', Input::get('admin_password')))
->count();
fp($d);
fp($validate_admin);
}
});
The result is
结果是
Array
(
[0] => admin002
[1] => y$RTwKHN9W1/unu1ZhYlNjauApJjjoNTBnE6td/AZ5jWgZEdqVav0um
)
0
In my database the password of admin002 is
在我的数据库中,admin002 的密码是
ysSXLzh/YXN6Rf2fmljYO7lZaxfhXVSUTp5bssR2gYQ6Nw9luUH2
Is my code wrong? Or are there any proper way to do this? I am a begiiner in Laravel..
我的代码有错吗?或者有什么合适的方法可以做到这一点?我是 Laravel 的初学者..
回答by Marcin Nabia?ek
First, you cannot do it this way. Assuming usernameis unique, you should do:
首先,你不能这样做。假设username是唯一的,你应该这样做:
$validate_admin = DB::table('administrators')
->select('username')
->where('username', Input::get('admin_username'))
->first();
if ($validate_admin && Hash::check(Input::get('admin_password'), $validate_admin->password)) {
// here you know data is valid
}
However you should think about rather using built-in methods than coding it yourself. You have Auth::attemptor Auth::validateif you want to login/check only user with password so there's really no need to code it yourself.
但是,您应该考虑使用内置方法而不是自己编码。您有Auth::attempt或者Auth::validate如果您只想使用密码登录/检查用户,因此实际上无需自己编写代码。
回答by Daniel Gelling
Here you're checking the string 'password' with the hashed version of the input password.
在这里,您使用输入密码的散列版本检查字符串 'password'。
So try fetching the user by their username and if you've a result you can compare the hashed version of the password, stored in the database, with the input password. Like so:
因此,尝试通过用户名获取用户,如果您有结果,则可以将存储在数据库中的密码的散列版本与输入密码进行比较。像这样:
$user = DB::table('administrators')
->select('username', 'password')
->where('username', Input::get('admin_username');
if($user->count()) {
$user = $user->first();
if(Hash::check(Input::get('admin_password'), $user->password)) {
//User has provided valid credentials :)
}
}
回答by bmatovu
A slight improvement to marcin-nabia?ek's answer, you can now use PHP's password_verifyto achieve the same
对marcin-nabia?ek的回答略有改进,您现在可以使用 PHPpassword_verify来实现相同的
$user = App\User::where('email', $request->email)->first();
if($user && password_verify($request->password, $user->password)) {
// authenticated user,
// do something...
}
